an executable server module coupled to the second data structure to receive the 
information communicated by the agent executable module of the agent on the 
host/device, 

said executable server module to store the received information as entries in the 
second data structure wherein the entries indicate the state of each of the ports on 
each of the active interfaces of the host/device as received, 

said executable server module to compare the entries in said data structures to 
determine the change in the status of interfaces and ports on the interfaces of the 
host/device, and 

said executable server module to run vulnerability assessment tests on the 
host/device in the event of a change in the status of interface/ports. 
2. The system of claim 1, further comprising: 

an executable server module coupled to a second data structure to receive and 
update the vulnerability data in the destination server used by the server for 
vulnerability tests, whenever new vulnerabilities are discovered, and 

said executable server module coupled to the second data structure to test the 
host/device for the new vulnerabilities whenever the vulnerability database is 
updated with new vulnerabilities and to determine the new vulnerabilities. 
3. A system for real-time vulnerability assessment of a host/device, said system 
comprising: 

an agent running on the host/device, said agent comprising: 

a first data structure to store the status of interfaces on the host/device and the ports 
on the interfaces on the host/device, 

an executable agent module coupled to the first data structure and operable to track 
the status of interfaces and ports on the interfaces of the host/device, to collect and 
store the information as entries in the first data structure, 

said executable agent module coupled to the first data structure to compare the 
entries to determine a change in the status of interfaces and/or of ports on the 
interfaces of the host/device, 

said executable agent module to communicate said changes to a remotely located 
destination server on the network, and 

a destination server running remotely, said destination server comprising: 

a second data structure for storing the status of interfaces/ports on the host/device, 

an executable server module coupled to the second data structure to receive 
information communicated by the executable module on the host/device, 

said executable server module coupled to the second data structure to store the 
received information as entries in the second data structure wherein the entries 
indicate the state of each of the ports on each of the active interfaces of the 
host/device as received, 

said executable server module coupled to the second data structure to compare the 
entries to determine any change in the status of interfaces and ports on the 
interfaces of the host/device as reported to it, 

said executable server module coupled to the second data structure to process the 
changes to determine any new interfaces active and/or any newly opened ports on 
any of the active interfaces on the host/device on which services are listening as 
reported to it, 

said executable server module coupled to the second data structure to run tests 
remotely to identify the network services running on the newly opened ports on the 
various active interfaces of the host/device, 

said executable server module coupled to the second data structure to run 
vulnerability assessment tests on the identified network services on the newly 
opened ports of the interfaces and storing the results, and 

said executable server module coupled to the second data structure to obtain an 
incremental or an overall vulnerability status report of the host/device from the 
results of the current vulnerability tests, and previously stored results. 
4. The system of claim 3, further comprising: 

an executable server module coupled to the second data structure to receive and 
update the vulnerability database in the vulnerability assessment server used by the 
server to do vulnerability tests, whenever new vulnerabilities are discovered 
publicly or elsewhere, and 

an executable server module coupled to the second data structure to test the 
host/device for the new vulnerabilities whenever the vulnerability database is 
updated with new vulnerabilities, and obtain results. 

5. The system of claims 1 and 4, wherein status of an interface is either active or 
inactive. 
6. The system of claims 1 and 4, wherein status of a port is a service listening on the 
port or not. 

7. The system of claims 1 and 4, wherein the agent tracks the change in status of 
ports/interface by monitoring in real-time or polling at periodic intervals for the 
status of ports/interfaces and storing the entries at various time intervals. 

8. The system of claims 1 and 4, wherein the communication protocol between the 
host/device and the destination server is a standard transport level utility selected 
from sockets or any other standard communication protocol. 

9. The system of claims 1 and 4, wherein the server executable module compares the 
entries corresponding to two consecutive time intervals. 

10. The system of claims 1 and 4, wherein the host/device is selected from a switch, a 
router, a device running a standard real-time operating system, a mobile device or a 
PDA. 

11. The system of claims 1 and 4, wherein the host/device is an enterprise/consumer 
machine running with Windows, Unix, Linux, VxWorks, Symbian or PalmOS. 

12. The system of claims 1 and 4, wherein the changes that are communicated to the 
destination server consist of the IP address of the interface(s) and the port 
numbers on which listening services have started or stopped on the particular 
interface(s). 

13. The system of claims 1 and 4, wherein the status of the port consists of separate 
statuses for TCP and UDP protocols. 

14. The system of claims 1 and 4, wherein a plurality of hosts/devices is tracked in 
conjunction with one or more destination servers handling the hosts/devices. 

15. Logic encoded in media for real-time vulnerability assessment of a host/device, and 
operable to perform the following steps: 

a) tracking in real-time the status of interfaces and/or of the ports on a host/device, 

b) communicating a change in the status of the interfaces and/or the status of ports 
of the host/device to a remotely located destination server on the network, 

c) tracking in real-time the reported status of ports and interfaces of the host/device 
by the destination server, and 

d) conducting vulnerability assessment tests on the host/device by the destination 
server in the event of a change in the status of interfaces and/or ports of the 
host/device. 
16. Logic encoded in media for real-time vulnerability assessment of a host/device, and 
operable to perform the following steps: 

a) tracking in real-time the status of interfaces and/or ports on a host/device, 

b) communicating the change in the status of the interfaces and/or the status of 
ports to a remotely located destination server on the network, 

c) tracking in real-time the reported status of the ports and interfaces of the 
host/device by the destination server, 

d) processing the changes by the destination server to determine new active 
interfaces or newly opened ports on any of the active interfaces on the 
host/device on which services are listening, 

e) running tests to identify remotely the network services running on the newly 
opened ports on the various active interfaces of the host/device, 

f) running vulnerability assessment tests on the identified network services on the 
newly opened ports of the interfaces and storing the results, and 

g) generating an incremental and/or overall vulnerability status report of the 
host/device from the results of the current vulnerability tests, and storing the 
results classified port- and interface-wise. 
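The following Python sketch is an added illustration, not part of the patent text, of the agent-side comparison of two consecutive polls (claim 9), the change message carrying interface IP plus started/stopped port numbers with separate TCP and UDP statuses (claims 12 and 13), and the server-side bookkeeping that isolates newly opened ports for service identification and assessment (claims 15 and 16, steps c through f). The snapshot dictionary encoding, class names and sample addresses are assumptions.

```python
from dataclasses import dataclass, field

# Assumed snapshot encoding (not the patent's own format): only *active*
# interfaces appear, keyed by IP, each with separate TCP and UDP listening-port sets.
Snapshot = dict[str, dict[str, set[int]]]

@dataclass(frozen=True)
class Change:
    ip: str
    proto: str       # "tcp" or "udp": separate statuses per protocol (claim 13)
    port: int
    listening: bool  # True = a service started listening, False = it stopped

def diff_snapshots(prev: Snapshot, curr: Snapshot) -> list[Change]:
    """Compare the entries of two consecutive intervals (claim 9) and emit only
    the changes: interface IP plus the port numbers whose listening state flipped
    (claim 12). An interface that went inactive counts as all its ports stopping."""
    changes: list[Change] = []
    for ip in sorted(set(prev) | set(curr)):
        for proto in ("tcp", "udp"):
            before = prev.get(ip, {}).get(proto, set())
            after = curr.get(ip, {}).get(proto, set())
            changes += [Change(ip, proto, p, True) for p in sorted(after - before)]
            changes += [Change(ip, proto, p, False) for p in sorted(before - after)]
    return changes

@dataclass
class DestinationServer:
    """Server-side 'second data structure': per-host port state as reported."""
    state: dict[str, Snapshot] = field(default_factory=dict)

    def receive(self, host: str, changes: list[Change]) -> list[Change]:
        """Apply a host's reported changes and return the newly opened ports,
        the only ones that need service identification and vulnerability tests."""
        snap = self.state.setdefault(host, {})
        for c in changes:
            ports = snap.setdefault(c.ip, {"tcp": set(), "udp": set()})[c.proto]
            ports.add(c.port) if c.listening else ports.discard(c.port)
        return [c for c in changes if c.listening]

# Constructed sample data: two consecutive polls of one host (addresses are made up).
T0 = {"10.0.0.5": {"tcp": {22, 80}, "udp": {123}}}
T1 = {"10.0.0.5": {"tcp": {22, 80, 8080}, "udp": set()},
      "192.168.1.9": {"tcp": {3389}, "udp": set()}}  # a newly active interface

if __name__ == "__main__":
    server = DestinationServer()
    server.receive("host-a", diff_snapshots({}, T0))  # initial full report
    for c in server.receive("host-a", diff_snapshots(T0, T1)):
        print(f"identify service and assess {c.ip}:{c.port}/{c.proto}")
```

Only the ports returned by `receive` need the remote service identification and vulnerability tests of steps e and f; the rest of the host's state is untouched.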

17. The logic of claims 15 and 16, wherein the status of an interface is either active or 
inactive. 

18. The logic of claims 15 and 16, wherein status of a port is a service listening on the 
port or not. 

19. The logic of claims 15 and 16, wherein the status of the port consists of separate 
statuses for TCP and UDP protocols. 

20. The logic of claims 15 and 16, wherein tracking consists of monitoring in real-time 
or polling at periodic intervals for the status of ports/interfaces on the host/device. 

21. The logic of claims 15 and 16, wherein the communication protocol between the 
host/device and the destination server is a standard transport level utility selected 
from sockets or any other standard communication protocol. 

22. The logic of claims 15 and 16, wherein the host/device is selected from a switch, a 
router, a device running a standard real-time operating system, a mobile device or a 
PDA. 

23. The logic of claims 15 and 16, wherein the host/device is an enterprise/consumer 
machine running with Windows, Unix, Linux, VxWorks, Symbian or PalmOS. 
24. The logic of claims 15 and 16, wherein the changes that are communicated to the 
destination server consist of the IP address of the interface(s) and the port 
numbers on which listening services have started or stopped on the particular 
interface(s). 

25. The logic of claims 15 and 16, wherein the information that is communicated from 
the host/device to the destination server is the names of the services. 

26. The logic of claims 15 and 16, wherein the information that is communicated from 
the host/device to the destination server is a message signaling a change in the 
status of interfaces and/or ports on the host/device. 

27. The logic of claims 15 and 16, wherein the vulnerability assessment server used by 
the destination server is updated with the new vulnerabilities to test the presence of 
vulnerabilities. 

28. The logic of claims 15 and 16, wherein a plurality of hosts/devices are tracked in 
conjunction with a plurality of destination servers handling the hosts/devices. 

29. A computer-implemented method for real-time vulnerability assessment of a 
host/device, said method comprising: 

a) tracking in real-time the status of interfaces and ports on the host/device, 

b) collecting and storing the status as entries in a data structure, 

c) comparing the entries to determine any change in the status of interfaces and/or 
the status of ports on the interfaces of the host/device, 

d) communicating the changes to a remotely located destination server on the 
network, 

e) storing said changes as entries in a data structure by the destination server 
wherein the entries indicate the state of each of the ports on each of the active 
interfaces of the host/device as reported, 

f) comparing the entries by the destination server to determine if there is any 
change in the status of interfaces and ports on the interfaces of the host/device 
as reported to it, and 

g) running vulnerability assessment tests on the host/device by the destination 
server and reporting the results. 

30. A computer-implemented method for real-time vulnerability assessment of a 
host/device, said method comprising: 
a) polling the status of the ports and interfaces on the host/device, periodically at a 
pre-configured time interval, 

b) collecting the above information and storing as entries in the first data structure 
of an agent, 

c) comparing the entries to determine if there is any change in the status of 
interfaces and/or the status of ports on the interfaces of the host/device, 

d) communicating the changes to a remotely located destination server on the 
network, 

e) storing the received information as entries in the second data structure of a 
server by the destination server wherein the entries indicate the state of each of 
the ports on each of the active interfaces of the host/device as reported, 

f) comparing the entries by the destination server to determine if there is any 
change in the status of interfaces and ports on the interfaces of the host/device 
as reported to it, and 

g) running vulnerability assessment tests on the host/device by the destination 
server and reporting the results. 

31. The method of claims 29 and 30, wherein the status of an interface is either active 
or inactive. 

32. The method of claims 29 and 30, wherein the status of a port is a service listening on 
the port or not. 

33. The method of claims 29 and 30, wherein the agent tracks the change in status of 
ports/interface by monitoring in real-time or polling at periodic intervals for the 
status of ports/interfaces and storing the entries at various time intervals. 

34. The method of claims 29 and 30, wherein the communication protocol between the 
host/device and the destination server is a standard transport level utility selected 
from sockets or any other standard communication protocol. 

35. The method of claims 29 and 30, wherein the server executable module compares the 
entries corresponding to two consecutive time intervals. 

36. The method of claims 29 and 30, wherein the changes that are communicated to the 
destination server consist of the IP address of the interface(s) and the port 
numbers on which listening services have started or stopped on the particular 
interface(s). 
37. The method of claims 29 and 30, wherein the status of the port consists of separate 
statuses for TCP and UDP protocols. 

38. The method of claims 29 and 30, wherein a plurality of hosts/devices is tracked in 
conjunction with one or more destination servers handling the hosts/devices. 